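Vulnerability Details
MySQL Server RENAME TABLE System Table Overwrite Vulnerability
- CNNVD ID: CNNVD-200712-083
- Severity: Low
- CVE ID: CVE-2007-5969
- Vulnerability type: Permissions, privileges, and access control
- Published: 2007-05-16
- Threat type: Remote
- Updated: 2009-08-07
- Vendor: mysql
- Source: Joerg Bruehe
Vulnerability Summary
Oracle MySQL is an open-source relational database management system from Oracle Corporation (USA). The database system is characterized by high performance, low cost, and good reliability.
MySQL is vulnerable under certain configurations; a local attacker could exploit this vulnerability to modify or corrupt data tables.
If a table was created with the DATA DIRECTORY and INDEX DIRECTORY options, the MySQL server handles renaming that table with the RENAME TABLE statement incorrectly, which may allow an attacker to overwrite system table information by replacing the files that certain symbolic links point to.
Vulnerability Announcement
The vendor has released an upgrade patch that fixes this security issue. Patch download link: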
http://dev.mysql.com/get/Downloads/MySQL-5.0/mysql-5.0.51.tar.gz/from/pick
References
Source: BID
Name: 31681
Link: http://www.securityfocus.com/bid/31681
Source: FEDORA
Name: FEDORA-2007-4471
Link: https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.HTML
Source: FEDORA
Name: FEDORA-2007-4465
Link: https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.HTML
Source: issues.rpath.com
Link: https://issues.rpath.com/browse/RPL-1999
Source: UBUNTU
Name: USN-559-1
Link: http://www.ubuntulinux.org/support/documentation/usn/usn-559-1
Source: SECTRACK
Name: 1019060
Link: http://www.securitytracker.com/id?1019060
Source: BID
Name: 26765
Link: http://www.securityfocus.com/bid/26765
Source: BUGTRAQ
Name: 20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server
Link: http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded
Source: REDHAT
Name: RHSA-2007:1157
Link: http://www.redhat.com/support/errata/RHSA-2007-1157.HTML
Source: REDHAT
Name: RHSA-2007:1155
Link: http://www.redhat.com/support/errata/RHSA-2007-1155.HTML
Source: MANDRIVA
Name: MDKSA-2007:243
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:243
Source: VUPEN
Name: ADV-2008-2780
Link: http://www.frsirt.com/english/advisories/2008/2780
Source: VUPEN
Name: ADV-2008-1000
Link: http://www.frsirt.com/english/advisories/2008/1000/references
Source: VUPEN
Name: ADV-2008-0560
Link: http://www.frsirt.com/english/advisories/2008/0560/references
Source: VUPEN
Name: ADV-2007-4198
Link: http://www.frsirt.com/english/advisories/2007/4198
Source: VUPEN
Name: ADV-2007-4142
Link: http://www.frsirt.com/english/advisories/2007/4142
Source: DEBIAN
Name: DSA-1451
Link: http://www.debian.org/security/2008/dsa-1451
Source: support.apple.com
Link: http://support.apple.com/kb/HT3216
Source: SLACKWARE
Name: SSA:2007-348-01
Link: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959
Source: GENTOO
Name: GLSA-200804-04
Link: http://security.gentoo.org/glsa/glsa-200804-04.xml
Source: SECUNIA
Name: 32222
Link: http://secunia.com/advisories/32222
Source: SECUNIA
Name: 29706
Link: http://secunia.com/advisories/29706
Source: SECUNIA
Name: 28838
Link: http://secunia.com/advisories/28838
Source: SECUNIA
Name: 28559
Link: http://secunia.com/advisories/28559
Source: SECUNIA
Name: 28343
Link: http://secunia.com/advisories/28343
Source: SECUNIA
Name: 28128
Link: http://secunia.com/advisories/28128
Source: SECUNIA
Name: 28108
Link: http://secunia.com/advisories/28108
Source: SECUNIA
Name: 28099
Link: http://secunia.com/advisories/28099
Source: SECUNIA
Name: 28063
Link: http://secunia.com/advisories/28063
Source: SECUNIA
Name: 28040
Link: http://secunia.com/advisories/28040
Source: SECUNIA
Name: 28025
Link: http://secunia.com/advisories/28025
Source: SECUNIA
Name: 27981
Link: http://secunia.com/advisories/27981
Source: SUSE
Name: SUSE-SR:2008:003
Link: http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.HTML
Source: MLIST
Name: [Announcements] 20071206 MySQL 5.0.51 has been released
Link: http://lists.mysql.com/announce/495
Source: Apple
Name: Apple-SA-2008-10-09
Link: http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.HTML
Source: forums.mysql.com
Link: http://forums.mysql.com/read.php?3,186931,186931
Source: dev.mysql.com
Link: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.HTML
Source: dev.mysql.com
Link: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.HTML
Source: dev.mysql.com
Link: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.HTML
Source: NSFOCUS
Name: 11259※10357※11082※11321※11351※11626※11841※11869※11937※11967※1202
Link: http://www.nsfocus.net/vulndb/11259※10357※11082※11321※11351※11626※11841※11869※11937※11967※1202
Affected Entities
- Mysql Mysql_enterprise_server:5.0.50
- Mysql Community_server:5.0.41
- Mysql Community_server:5.0.44
- Mysql Community_server:5.0.45
- Mysql Community_server:5.0.50
Patches
None available